[Snort-devel] Bug in fpEvalHeaderTcp/Udp ?

Dirk Geschke Dirk_Geschke at ...802...
Mon Oct 21 05:21:01 EDT 2002


Hi all,

I think this is a "design" error in fpdetect.c:

    1131 static INLINE int fpEvalHeaderTcp(Packet *p)
    1132 {
    1133     PORT_GROUP *src, *dst, *gen;
    1134     int retval;
    1135     unsigned short sp , dp;
    1136 
    1137     if(p->sp == 0)
    1138         sp = -1;
    1139     else

if 'sp' is unsinged short so what is sp = -1 ? I think the idea
was not to use a default port of 65535 which is the result since
in prmFindRuleGroup this variables (sp and dp) are mapped to int
variables... (The behaviour for UDP is same.)

So the ports should be neither unsigned nor a short variable.

Best regards

Dirk
-- 
+------------------------------------------------------------+
| Dr. Dirk Geschke            | E-mail: geschke at ...802...     |
| Gesellschaft fuer Netzwerk  | Tel.  : +49-(0)-89-991950-31 |
| und Unix Administration mbH | Fax   : +49-(0)-89-991950-99 |
| 85551 Kirchheim / Germany   | Raeter Stra/3e 26            |
+------------------------------------------------------------+






More information about the Snort-devel mailing list